Research Overview
The Internet has evolved to become a commercial infrastructure for service
delivery. However, because the Internet is an enormous, highly dynamic,
heterogeneous, and untrusted environment, it raises several challenges for
building Internet-scale services with good scalability, efficiency,
agility and security. The overarching goal of my research is to provide
networking and system support for Internet services and applications to
address these challenges.

In particular, I have been focused on monitoring the network for performance
measurement, diagnosis, troubleshooting, and anomaly and intrusion
detection. Central to these challenges are infrastructure ossification and
the lack of understanding of the Internet artifact. For the first challenge,
the ability to deploy innovative disruptive technologies in the core
infrastructure (which is operated mainly by businesses) is extremely limited.
Consequently, we propose to use overlay networks, which introduce new
functionality within the network near the edges and assume as few changes to
the routers as possible. For the second challenge, it has proved difficult to
characterize, understand, and model the enormous volume and great variety of
Internet traffic in terms of large-scale behaviors. However, without this
deep understanding, it is very hard, if not impossible, to design new
protocols, architectures, or services that will work better for the Internet.

My research methodology is the combination of theory, synthetic/real
trace-driven simulation, and real-world implementation and deployment. We draw
from diverse fields of applied mathematics, such as combinatorial algorithms,
linear algebra and statistical learning, as needed to better understand the
design space structure. To get access to real Internet measurements (often
proprietary), we have been actively collaborating with researchers from
various places, such as AT&T Labs, HP Labs, Yahoo!, Keynote, Microsoft
Research, Fermi National Labs, National Laboratory for Applied Network
Research (NLANR), and the Internet Storm Center of the SANS (SysAdmin, Audit,
Network, Security) Institute.

I run the Northwestern Lab for Internet and Security Technology, where my
students and I are working on the following projects:
1) Global Router-based Anomaly/Intrusion Detection (GRAID) Systems;
2) Overlay Network Monitoring and Diagnostics; and
3) A Peer-to-Peer System for Tunable, Dynamic, and Heterogeneous Information
Retrieval (in collaboration with Yahoo! and UIUC).
I was affiliated with the SAHARA and OceanStore projects at U. C. Berkeley.